CN115102736A - Network security assessment method and system based on pattern recognition - Google Patents
Network security assessment method and system based on pattern recognition Download PDFInfo
- Publication number
- CN115102736A CN115102736A CN202210675532.XA CN202210675532A CN115102736A CN 115102736 A CN115102736 A CN 115102736A CN 202210675532 A CN202210675532 A CN 202210675532A CN 115102736 A CN115102736 A CN 115102736A
- Authority
- CN
- China
- Prior art keywords
- network
- network security
- network environment
- values
- alpha
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
- 238000000034 method Methods 0.000 title claims abstract description 27
- 238000003909 pattern recognition Methods 0.000 title claims abstract description 16
- 238000012549 training Methods 0.000 claims description 10
- 238000013210 evaluation model Methods 0.000 claims description 9
- 230000006870 function Effects 0.000 claims description 3
- 238000013507 mapping Methods 0.000 claims description 3
- 238000003062 neural network model Methods 0.000 claims description 3
- 238000013480 data collection Methods 0.000 claims 1
- 230000003287 optical effect Effects 0.000 description 2
- 230000000694 effects Effects 0.000 description 1
- 238000011156 evaluation Methods 0.000 description 1
- 238000012567 pattern recognition method Methods 0.000 description 1
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1408—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06N—COMPUTING ARRANGEMENTS BASED ON SPECIFIC COMPUTATIONAL MODELS
- G06N3/00—Computing arrangements based on biological models
- G06N3/02—Neural networks
- G06N3/08—Learning methods
Landscapes
- Engineering & Computer Science (AREA)
- Physics & Mathematics (AREA)
- Computer Security & Cryptography (AREA)
- Theoretical Computer Science (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Biophysics (AREA)
- Evolutionary Computation (AREA)
- Health & Medical Sciences (AREA)
- Life Sciences & Earth Sciences (AREA)
- Artificial Intelligence (AREA)
- Biomedical Technology (AREA)
- Computer Networks & Wireless Communication (AREA)
- Computational Linguistics (AREA)
- Data Mining & Analysis (AREA)
- Signal Processing (AREA)
- General Health & Medical Sciences (AREA)
- Molecular Biology (AREA)
- General Physics & Mathematics (AREA)
- Mathematical Physics (AREA)
- Software Systems (AREA)
- Computer Hardware Design (AREA)
- Management, Administration, Business Operations System, And Electronic Commerce (AREA)
- Image Analysis (AREA)
Abstract
The invention provides a method and a system for evaluating network security based on pattern recognition.
Description
Technical Field
The present application relates to the field of network multimedia, and in particular, to a method and system for network security assessment based on pattern recognition.
Background
The existing network security assessment mostly adopts a clustering method to carry out modeling, and judges whether the current network is safe or not through model parameters. However, the parameters in the real scene are not in a fixed corresponding relationship with the network environment, so that the actual application value of the existing evaluation method is not high.
Therefore, there is a need for a method and system for targeted pattern recognition-based network security assessment.
Disclosure of Invention
The invention aims to provide a method and a system for evaluating network security based on pattern recognition.
In a first aspect, the present application provides a method for network security assessment based on pattern recognition, the method comprising:
collecting network environment parameters, gathering the network environment parameters in terms, and establishing a network security parameter set;
assigning values to the network security parameter set according to the numerical values of the network environment parameters;
requesting historical values of the network security parameter set from a server, and arranging the historical values and the collected current values into a vector in terms, wherein each term forms a training sample set;
calling a pattern recognition unit to train the training sample set, extracting a single-term historical numerical value in the training sample set, and multiplying the historical numerical value by alpha to meet a first condition that the sum of the multiplication result and a preset constant a is equal to 0, wherein alpha is a convex set coefficient, and the reciprocal of an absolute value of alpha is defined as a vector width; meanwhile, the result of multiplication operation of the historical numerical value and alpha is subtracted from a preset constant b, the second condition that the current numerical value of the single item is multiplied by the subtraction result to be more than or equal to 1-beta is met, and beta is a vector loose coefficient;
the values of the preset constants a and b depend on the type of the current network, the server stores the mapping relation between the network type and the preset constants in advance, and the constants a and b are paired;
calling an operation unit to calculate partial derivatives of the second condition, wherein the partial derivatives are calculated based on the alpha and the beta respectively to obtain an optimal solution of the vector width;
taking the optimal solution of the vector width as an input parameter of a decision function of a network security evaluation model, and establishing an evaluation model;
and inputting the collected network environment parameters into the evaluation model, and judging whether the network environment is safe or not.
With reference to the first aspect, in a first possible implementation manner of the first aspect, the itemizing includes clustering, performing merge analysis on local area networks of the same type or adjacent positions, and the itemizing further includes collecting data according to a specified item.
With reference to the first aspect, in a second possible implementation manner of the first aspect, when the network environment is determined to be unsafe, the current network environment parameter reporting server is recorded.
With reference to the first aspect, in a third possible implementation manner of the first aspect, the operation unit employs a neural network model.
In a second aspect, the present application provides a system for pattern recognition based network security assessment, the system comprising a processor and a memory:
the memory is used for storing program codes and transmitting the program codes to the processor;
the processor is configured to perform the method of any one of the four possibilities of the first aspect according to instructions in the program code.
In a third aspect, the present application provides a computer readable storage medium for storing program code for performing the method of any one of the four possibilities of the first aspect.
Advantageous effects
The invention provides a method and a system for network security assessment based on pattern recognition, wherein a training sample set is formed by establishing a network security parameter set and combining historical data itemization, then a pattern recognition method is invoked to train the sample set, so that an optimal solution is solved to obtain a required vector width, an assessment model is established, dynamic correspondence of scene parameters and a network environment is realized, the problem that the prior art cannot adapt to a flexible and changeable network environment is solved, and the efficiency of network security assessment is improved.
Drawings
In order to more clearly illustrate the technical solutions in the embodiments of the present invention, the drawings needed to be used in the embodiments will be briefly described below, and it is obvious for those skilled in the art to obtain other drawings based on these drawings without any creative effort.
FIG. 1 is a flow chart of the method of the present invention.
Detailed Description
The preferred embodiments of the present invention will be described in detail below with reference to the accompanying drawings so that the advantages and features of the present invention can be more easily understood by those skilled in the art, and the scope of the present invention will be more clearly and clearly defined.
Fig. 1 is a flowchart of a method for evaluating network security based on pattern recognition provided in the present application, including:
collecting network environment parameters, gathering the network environment parameters in terms, and establishing a network security parameter set;
assigning values to the network security parameter set according to the numerical values of the network environment parameters;
requesting historical values of the network security parameter set from a server, and arranging the historical values and the collected current values into a vector in terms, wherein each term forms a training sample set;
calling a pattern recognition unit to train the training sample set, extracting a single-term historical numerical value in the training sample set, and multiplying the historical numerical value by alpha to meet a first condition that the sum of the multiplication result and a preset constant a is equal to 0, wherein alpha is a convex set coefficient, and the reciprocal of an absolute value of alpha is defined as a vector width; meanwhile, the result of multiplication operation of the historical numerical value and alpha is subtracted from a preset constant b, the second condition that the current numerical value of the single item is multiplied by the subtraction result to be more than or equal to 1-beta is met, and beta is a vector loose coefficient;
the values of the preset constants a and b depend on the type of the current network, the server stores the mapping relation between the network type and the preset constants in advance, and the constants a and b are paired;
calling an operation unit to calculate partial derivatives of the second condition, wherein the partial derivatives are calculated based on the alpha and the beta respectively to obtain an optimal solution of the vector width;
taking the optimal solution of the vector width as an input parameter of a decision function of a network security evaluation model, and establishing an evaluation model;
and inputting the collected network environment parameters into the evaluation model, and judging whether the network environment is safe or not.
In some preferred embodiments, the itemized clustering further includes collecting data according to a specified project, wherein the clustering includes a clustering operation of merging and analyzing local area networks of the same type or adjacent positions.
In some preferred embodiments, when the network environment is judged to be unsafe, the current network environment parameter reporting server is recorded.
In some preferred embodiments, the arithmetic unit employs a neural network model.
The application provides a system for network security assessment based on pattern recognition, which comprises: the system includes a processor and a memory:
the memory is used for storing program codes and transmitting the program codes to the processor;
the processor is configured to perform the method according to any of the embodiments of the first aspect according to instructions in the program code.
The present application provides a computer readable storage medium for storing program code for performing the method of any one of the embodiments of the first aspect.
In specific implementation, the present invention further provides a computer storage medium, where the computer storage medium may store a program, and the program may include some or all of the steps in the embodiments of the present invention when executed. The storage medium may be a magnetic disk, an optical disk, a read-only memory (ROM) or a Random Access Memory (RAM).
Those skilled in the art will readily appreciate that the techniques of the embodiments of the present invention may be implemented using software plus any required general purpose hardware platform. Based on such understanding, the technical solutions in the embodiments of the present invention may be embodied in the form of a software product, which may be stored in a storage medium, such as a ROM/RAM, a magnetic disk, an optical disk, etc., and includes several instructions for enabling a computer device (which may be a personal computer, a server, or a network device, etc.) to execute the method according to the embodiments or some parts of the embodiments.
The same and similar parts between the various embodiments of the present specification may be referred to each other. In particular, for the embodiments, since they are substantially similar to the method embodiments, the description is simple, and reference may be made to the description of the method embodiments for relevant points.
The above-described embodiments of the present invention should not be construed as limiting the scope of the present invention.
Claims (6)
1. A method for network security assessment based on pattern recognition, the method comprising:
collecting network environment parameters, gathering the network environment parameters in terms, and establishing a network security parameter set;
assigning values to the network security parameter set according to the numerical values of the network environment parameters;
requesting historical values of the network security parameter set from a server, and arranging the historical values and the collected current values into a vector in terms, wherein each term forms a training sample set;
calling a pattern recognition unit to train the training sample set, extracting a single-term historical numerical value in the training sample set, and multiplying the historical numerical value by alpha to meet a first condition that the sum of the multiplication result and a preset constant a is equal to 0, wherein alpha is a convex set coefficient, and the reciprocal of an absolute value of alpha is defined as a vector width; meanwhile, the result of multiplication operation of the historical numerical value and alpha is subtracted from a preset constant b, the second condition that the current numerical value of the single item is multiplied by the subtraction result to be more than or equal to 1-beta is met, and beta is a vector loose coefficient;
the values of the preset constants a and b depend on the type of the current network, the server stores the mapping relation between the network type and the preset constants in advance, and the constants a and b are paired;
calling an operation unit to calculate partial derivatives of the second condition, wherein the partial derivatives are calculated based on the alpha and the beta respectively to obtain an optimal solution of the vector width;
taking the optimal solution of the vector width as an input parameter of a decision function of a network security evaluation model, and establishing an evaluation model;
and inputting the collected network environment parameters into the evaluation model, and judging whether the network environment is safe or not.
2. The method of claim 1, wherein: the item clustering comprises clustering operation and merging analysis of local area networks of the same type or adjacent positions, and the item clustering also comprises data collection according to specified items.
3. The method of claim 2, wherein: and when the network environment is judged to be unsafe, recording the current network environment parameters and reporting to the server.
4. The method of claim 3, wherein: the arithmetic unit adopts a neural network model.
5. A system for network security assessment based on pattern recognition, the system comprising a processor and a memory:
the memory is used for storing program codes and transmitting the program codes to the processor;
the processor is configured to perform the method according to instructions in the program code to implement any of claims 1-4.
6. A computer-readable storage medium, characterized in that the computer-readable storage medium is configured to store a program code for performing implementing the method of any of claims 1-4.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202210675532.XA CN115102736B (en) | 2022-06-15 | 2022-06-15 | Method and system for evaluating network security based on pattern recognition |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202210675532.XA CN115102736B (en) | 2022-06-15 | 2022-06-15 | Method and system for evaluating network security based on pattern recognition |
Publications (2)
Publication Number | Publication Date |
---|---|
CN115102736A true CN115102736A (en) | 2022-09-23 |
CN115102736B CN115102736B (en) | 2024-04-26 |
Family
ID=83291908
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202210675532.XA Active CN115102736B (en) | 2022-06-15 | 2022-06-15 | Method and system for evaluating network security based on pattern recognition |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN115102736B (en) |
Citations (15)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN103780588A (en) * | 2012-10-24 | 2014-05-07 | 北京邮电大学 | User abnormal behavior detection method in digital home network |
CN106250442A (en) * | 2016-07-26 | 2016-12-21 | 新疆大学 | The feature selection approach of a kind of network security data and system |
CN107046534A (en) * | 2017-03-24 | 2017-08-15 | 厦门卓讯信息技术有限公司 | A kind of network safety situation model training method, recognition methods and identifying device |
US20180060752A1 (en) * | 2016-08-25 | 2018-03-01 | Oracle International Corporation | Robust training technique to facilitate prognostic pattern recognition for enterprise computer systems |
CN108418841A (en) * | 2018-05-18 | 2018-08-17 | 广西电网有限责任公司 | Next-generation key message infrastructure network Security Situation Awareness Systems based on AI |
CN109840413A (en) * | 2017-11-28 | 2019-06-04 | 中国移动通信集团浙江有限公司 | A kind of detection method for phishing site and device |
CN112085043A (en) * | 2019-06-14 | 2020-12-15 | 中国科学院沈阳自动化研究所 | Intelligent monitoring method and system for network security of transformer substation |
CN112488226A (en) * | 2020-12-10 | 2021-03-12 | 中国电子科技集团公司第三十研究所 | Terminal abnormal behavior identification method based on machine learning algorithm |
CN112732919A (en) * | 2021-01-15 | 2021-04-30 | 中国科学院地理科学与资源研究所 | Intelligent classification label method and system for network security threat information |
CN112766343A (en) * | 2021-01-12 | 2021-05-07 | 郑州轻工业大学 | Network security situation assessment method based on improved WOA-SVM |
CN113269389A (en) * | 2021-03-29 | 2021-08-17 | 中国大唐集团科学技术研究院有限公司 | Network security situation assessment and situation prediction modeling method based on deep belief network |
CN114172705A (en) * | 2021-11-29 | 2022-03-11 | 北京智美互联科技有限公司 | Network big data analysis method and system based on pattern recognition |
WO2022057321A1 (en) * | 2020-09-17 | 2022-03-24 | 华为技术有限公司 | Method and apparatus for detecting anomalous link, and storage medium |
US20220147815A1 (en) * | 2020-11-09 | 2022-05-12 | Domaintools, Llc | Multi-level ensemble classifers for cybersecurity machine learning applications |
CN114581694A (en) * | 2022-05-05 | 2022-06-03 | 南京邮电大学 | Network security situation assessment method based on improved support vector machine |
-
2022
- 2022-06-15 CN CN202210675532.XA patent/CN115102736B/en active Active
Patent Citations (15)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN103780588A (en) * | 2012-10-24 | 2014-05-07 | 北京邮电大学 | User abnormal behavior detection method in digital home network |
CN106250442A (en) * | 2016-07-26 | 2016-12-21 | 新疆大学 | The feature selection approach of a kind of network security data and system |
US20180060752A1 (en) * | 2016-08-25 | 2018-03-01 | Oracle International Corporation | Robust training technique to facilitate prognostic pattern recognition for enterprise computer systems |
CN107046534A (en) * | 2017-03-24 | 2017-08-15 | 厦门卓讯信息技术有限公司 | A kind of network safety situation model training method, recognition methods and identifying device |
CN109840413A (en) * | 2017-11-28 | 2019-06-04 | 中国移动通信集团浙江有限公司 | A kind of detection method for phishing site and device |
CN108418841A (en) * | 2018-05-18 | 2018-08-17 | 广西电网有限责任公司 | Next-generation key message infrastructure network Security Situation Awareness Systems based on AI |
CN112085043A (en) * | 2019-06-14 | 2020-12-15 | 中国科学院沈阳自动化研究所 | Intelligent monitoring method and system for network security of transformer substation |
WO2022057321A1 (en) * | 2020-09-17 | 2022-03-24 | 华为技术有限公司 | Method and apparatus for detecting anomalous link, and storage medium |
US20220147815A1 (en) * | 2020-11-09 | 2022-05-12 | Domaintools, Llc | Multi-level ensemble classifers for cybersecurity machine learning applications |
CN112488226A (en) * | 2020-12-10 | 2021-03-12 | 中国电子科技集团公司第三十研究所 | Terminal abnormal behavior identification method based on machine learning algorithm |
CN112766343A (en) * | 2021-01-12 | 2021-05-07 | 郑州轻工业大学 | Network security situation assessment method based on improved WOA-SVM |
CN112732919A (en) * | 2021-01-15 | 2021-04-30 | 中国科学院地理科学与资源研究所 | Intelligent classification label method and system for network security threat information |
CN113269389A (en) * | 2021-03-29 | 2021-08-17 | 中国大唐集团科学技术研究院有限公司 | Network security situation assessment and situation prediction modeling method based on deep belief network |
CN114172705A (en) * | 2021-11-29 | 2022-03-11 | 北京智美互联科技有限公司 | Network big data analysis method and system based on pattern recognition |
CN114581694A (en) * | 2022-05-05 | 2022-06-03 | 南京邮电大学 | Network security situation assessment method based on improved support vector machine |
Non-Patent Citations (2)
Title |
---|
MARIUSZ FLASIŃSKI: "Pattern Recognition and Cluster Analysis", 《SPRINGERLINK》, 6 July 2016 (2016-07-06) * |
韩晓露: "大数据环境网络安全态势感知关键技术研究", 《中国优秀硕士学位论文全文数据库》, 15 February 2022 (2022-02-15) * |
Also Published As
Publication number | Publication date |
---|---|
CN115102736B (en) | 2024-04-26 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN110245285B (en) | Personalized recommendation method based on heterogeneous information network | |
CN111695965B (en) | Product screening method, system and equipment based on graphic neural network | |
CN108229170B (en) | Software analysis method and apparatus using big data and neural network | |
CN115511501A (en) | Data processing method, computer equipment and readable storage medium | |
JP2019511764A (en) | Method and apparatus for recommending a question | |
CN111160783B (en) | Digital asset value evaluation method and system and electronic equipment | |
CN111078880A (en) | Risk identification method and device for sub-application | |
CN117149996A (en) | Man-machine interface digital conversation mining method and AI system for artificial intelligence application | |
CN112990583A (en) | Method and equipment for determining mold entering characteristics of data prediction model | |
CN115102736A (en) | Network security assessment method and system based on pattern recognition | |
MacDonell et al. | Alternatives to regression models for estimating software projects | |
CN117081941A (en) | Flow prediction method and device based on attention mechanism and electronic equipment | |
CN116522131A (en) | Object representation method, device, electronic equipment and computer readable storage medium | |
CN111144987A (en) | Abnormal shopping behavior limiting method, limiting assembly and shopping system | |
CN114936608A (en) | Improved mode recognition network evaluation method and system | |
Chongwen et al. | O2O E-Commerce Data Mining in Big Data Era. | |
CN115858911A (en) | Information recommendation method and device, electronic equipment and computer-readable storage medium | |
KR102512552B1 (en) | Apparatus and method for analyzing artificial intelligence processing results | |
CN110298669B (en) | iOS charging risk control system based on graphic structure | |
CN116701000B (en) | Resource integration method and device based on AI and cloud edge cooperation | |
CN114820085B (en) | User screening method, related device and storage medium | |
CN115242614B (en) | Network information analysis method, device, equipment and medium | |
CN117312560A (en) | Data classification method, device, electronic equipment and computer readable medium | |
CN115099927A (en) | Loan risk analysis method and device based on social network analysis | |
CN116208361A (en) | Cloud network fusion network and content security method and system |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||
GR01 | Patent grant |